|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Solaris libc locale format string exploit
From: Atro Tossavainen (atossava
CC.HELSINKI.FI)Date: Fri Oct 20 2000 - 05:54:25 CDT
- Next message: ET LoWNOISE: "[LoWNOISE] addendum %c1%1c IIS 4.0/5.0 Remote command execution"
- Previous message: Caldera Support Info: "Security Update: verification bug in gnupg"
- In reply to: Solar, Eclipse: "Solaris libc locale format string exploit"
- Next in thread: van der Kooij, Hugo: "Re: Solaris libc locale format string exploit"
- Reply: Atro Tossavainen: "Re: Solaris libc locale format string exploit"
- Reply: van der Kooij, Hugo: "Re: Solaris libc locale format string exploit"
- Reply: Jefferson Ogata: "Re: Solaris libc locale format string exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> On Sep 8, 2000 Warning3 posted an exploit for the Solaris
> libc locale format string vulnerability. This was more than
> a month ago.
>
> This bug has not been fixed yet. The Securityfocus vulnerability database
> shows no patches for the locale bug on Solaris. Sun's website does not
> even mention the existance of this bug.
My local Sun rep told me on Oct 3 that they have fixes ready for all
supported software releases and platforms and that evaluation patches
would be sent to customers in a few days.
Obviously not.
I asked him again yesterday, with the response that the kernel update
process for all supported software releases and platforms is rather
tedious and lengthy, and that's why it's taking so long.
I'm not happy, and the people I work for are even less so, but it's
better than not hearing back from them at all.
-- Atro Tossavainen (Mr.) | The Institute of Biotechnology at the Systems Analyst | University of Helsinki, Finland, employs +358-9-19158939 | me, but my opinions are my own. < URL : http : / / www . iki . fi / atro . tossavainen / >
- Next message: ET LoWNOISE: "[LoWNOISE] addendum %c1%1c IIS 4.0/5.0 Remote command execution"
- Previous message: Caldera Support Info: "Security Update: verification bug in gnupg"
- In reply to: Solar, Eclipse: "Solaris libc locale format string exploit"
- Next in thread: van der Kooij, Hugo: "Re: Solaris libc locale format string exploit"
- Reply: Atro Tossavainen: "Re: Solaris libc locale format string exploit"
- Reply: van der Kooij, Hugo: "Re: Solaris libc locale format string exploit"
- Reply: Jefferson Ogata: "Re: Solaris libc locale format string exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]